From: Jim on 26 Feb 2010 17:52 On Fri, 26 Feb 2010 09:24:44 -0700, Don <donald7.44(a)gmail.com> wrote: > >On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote: >> On 2/25/2010 11:56 PM, Don wrote: >>> Hello, I have a client that has a company laptop, and he has forgotten >>> his password. Now the laptop was part of an old business with a domain >>> that no longer exists. What can I do to recover the password. I have >>> access to the local admin account, but not the domain admin account on >>> the laptop. >>> >>> Domain was with a sbs 2003 machine. >> Is there any data on that account that is domain-specific? >> >> I am thinking perhaps the Exchange profile is a dealbreaker? >> >> If not, just create a new local profile and copy his old profile data >> into the new local profile. > >There is the exchange profile it is really important. If it has to be >lost oh well. But I can move his data, however there are programs tied >to the profile. I created a local profile and most of the programs will >not work. Did you make the user a local admin? That might explain why some programs don't work.
From: Don on 27 Feb 2010 01:28 On 2/26/2010 3:52 PM, Jim wrote: > On Fri, 26 Feb 2010 09:24:44 -0700, Don<donald7.44(a)gmail.com> wrote: > >> >> On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote: >>> On 2/25/2010 11:56 PM, Don wrote: >>>> Hello, I have a client that has a company laptop, and he has forgotten >>>> his password. Now the laptop was part of an old business with a domain >>>> that no longer exists. What can I do to recover the password. I have >>>> access to the local admin account, but not the domain admin account on >>>> the laptop. >>>> >>>> Domain was with a sbs 2003 machine. >>> Is there any data on that account that is domain-specific? >>> >>> I am thinking perhaps the Exchange profile is a dealbreaker? >>> >>> If not, just create a new local profile and copy his old profile data >>> into the new local profile. >> >> There is the exchange profile it is really important. If it has to be >> lost oh well. But I can move his data, however there are programs tied >> to the profile. I created a local profile and most of the programs will >> not work. > > > Did you make the user a local admin? That might explain why some > programs don't work. the user is the local admin account. There is another account the user used when the domain went down at work, but it has not been used for over a year.
From: Bill Kearney on 27 Feb 2010 10:46 "Don" <donald7.44(a)gmail.com> wrote in message news:eu9s$krtKHA.4492(a)TK2MSFTNGP05.phx.gbl... > Hello, I have a client that has a company laptop, and he has forgotten his > password. Now the laptop was part of an old business with a domain that no > longer exists. What can I do to recover the password. I have access to the > local admin account, but not the domain admin account on the laptop. You may want to ask this in the active_directory newsgroup. There are tools that will let you edit the various permissions involved. There are a lot of Access Control Lists (ACLs) involved. I believe there are some automated tools to help with this process. Otherwise it's a long slog through a lot of files cleaning things up. One suggestion, totally back up the drive before mucking about with it. I seem to recall a couple of points where mistakes became an even greater hassle to clean up. -Bill Kearney
From: jj jammer on 28 Feb 2010 05:04 This isn't really a windows security question but more of a hacking question. Depending on the client what you need to understand is that the cached password is stored in the following location HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10 as a hash. You will need a tool like cachedump (google it) to retrieve the hashes then you can use a tool like "Johntheripper" again goggle it to crack the hash. Hopefully this helps. On 27/02/2010 15:46, in article _cKdnRLWtqP_oxTWnZ2dnUVZ_gWdnZ2d(a)speakeasy.net, "Bill Kearney" <wkearney99(a)hotmail.com> wrote: > > "Don" <donald7.44(a)gmail.com> wrote in message > news:eu9s$krtKHA.4492(a)TK2MSFTNGP05.phx.gbl... >> Hello, I have a client that has a company laptop, and he has forgotten his >> password. Now the laptop was part of an old business with a domain that no >> longer exists. What can I do to recover the password. I have access to the >> local admin account, but not the domain admin account on the laptop. > > You may want to ask this in the active_directory newsgroup. > > There are tools that will let you edit the various permissions involved. > There are a lot of Access Control Lists (ACLs) involved. I believe there > are some automated tools to help with this process. Otherwise it's a long > slog through a lot of files cleaning things up. > > One suggestion, totally back up the drive before mucking about with it. I > seem to recall a couple of points where mistakes became an even greater > hassle to clean up. > > -Bill Kearney >
From: Cliff Galiher - MVP on 28 Feb 2010 16:49 I never really considered that an option since this is (presumably) not a stolen device. It is a laptop that the owner still possesses and will want access to. Hacking hashes is a time-intensive project for *weak* passwords, and nearly impossible if password strength was required as is usual in a domain (this was joined to SBS03 after all.) I also tend not to share such methods as, if someone *is* posting under false pretenses, the last thing I want to do is encourage illegal behavior. Either way, just not good... -Cliff "jj jammer" <jj(a)jam.com> wrote in message news:C7AFF031.1B28%jj(a)jam.com... > This isn't really a windows security question but more of a hacking > question. Depending on the client what you need to understand is that the > cached password is stored in the following location > > HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10 as a hash. > > You will need a tool like cachedump (google it) to retrieve the hashes > then > you can use a tool like "Johntheripper" again goggle it to crack the hash. > > Hopefully this helps. > > > > > On 27/02/2010 15:46, in article > _cKdnRLWtqP_oxTWnZ2dnUVZ_gWdnZ2d(a)speakeasy.net, "Bill Kearney" > <wkearney99(a)hotmail.com> wrote: > >> >> "Don" <donald7.44(a)gmail.com> wrote in message >> news:eu9s$krtKHA.4492(a)TK2MSFTNGP05.phx.gbl... >>> Hello, I have a client that has a company laptop, and he has forgotten >>> his >>> password. Now the laptop was part of an old business with a domain that >>> no >>> longer exists. What can I do to recover the password. I have access to >>> the >>> local admin account, but not the domain admin account on the laptop. >> >> You may want to ask this in the active_directory newsgroup. >> >> There are tools that will let you edit the various permissions involved. >> There are a lot of Access Control Lists (ACLs) involved. I believe there >> are some automated tools to help with this process. Otherwise it's a >> long >> slog through a lot of files cleaning things up. >> >> One suggestion, totally back up the drive before mucking about with it. >> I >> seem to recall a couple of points where mistakes became an even greater >> hassle to clean up. >> >> -Bill Kearney >> >
First
|
Prev
|
Pages: 1 2 3 Prev: GPO and Starting Services Next: Allow domain users to update existing apps... |